Security Updates
The team at SourcePro by Perforce is committed to the highest possible standard of security in our C++ Libraries. Which is why we are continually updating our libraries to mitigate security risks and provide a world class C++ development platform for customers. Upgrade to the latest version of SourcePro and view the previous security updates below.
| Update | Description | Fixed |
|---|---|---|
OpenSSL Critical Vulnerability Fix | The version of OpenSSL shipped by default with SourcePro 2022.1 contained the vulnerability "CVE-2022-3786". This vulnerability allows for a buffer overrun to be triggered in X.509 certificate verification. | SourcePro 2022.1.1 |
Potential Integer Overflow | A potential integer overflow was identified through static analysis in RWStandardCString::toLower. | SourcePro 2022.1 |
Potential Buffer Overflow | Potential buffer overflow error when constructing or assigning to an RWBasicUString from an RWUChar16 array. | SourcePro 2020 |
Improved Security Protocol | Added support for TLSv1.3 | SourcePro 2018.1 |
Thread Safety | Multi-threaded network code calls non-reentrant functions on Solaris platforms. Getservbyname and gethostbyname both affected in multi-threaded builds. | SourcePro 2016.3 |
Improved Security Options | A new RWSecureSocketContext constructor was added to allow fine-grained control over the allowed TLS protocol versions. | SourcePro 2016.3 |
Invalid Memory Read | Fixed invalid memory read when comparing RWBasicUString against a NULL terminated RWUChar16 array. | SourcePro 2016.2 |
Improved Security Standards | All SourcePro modules now conform to the latest security standards CWE, CERT, OWASP, DISA STIG, and MISRA, and were tested with Klocwork Insight 10 analysis rules related to these standards. | SourcePro 13 |
Improved Security Protocol | FTPS Package: This new package provides FTP support over secure connections. | SourcePro 12.5 |
Upgrade to the Latest SourcePro Version
Upgrade to the latest SourcePro version for the best of security in C++ Libraries.